Code calculating device

ABSTRACT

A code computing apparatus with an error detection code (CRC) generating function and an elliptic curve cryptography (ECC) function, comprising a matrix element computation part 30 for generating matrix elements from parameter values set in first and second registers 201 and 202, a matrix element register 51 for holding the matrix elements generated by the matrix element computation part, and an inner product calculation part 40 for executing inner product calculation between the matrix elements held by the matrix element register and data set in a third register. The matrix element computation part selectively generates matrix elements for error detection and matrix elements for encryption by changing the parameters to be set in the first and second registers, and the inner product calculation part is shared between error control code generation and data encryption by altering the matrix elements to be held in the matrix element register.

TECHNICAL FIELD

The present invention relates to a code calculating device (a code computing apparatus) for communication data, and more particularly to a code calculating device (a code computing apparatus) for generating an error detection (correction) code and performing the data encryption/decryption processing necessary for transmitting and receiving digital packet data.

BACKGROUND ART

A digital communication apparatus needs an encryption/decryption function and an error detection (correction) code generating function for packet data in order to maintain data security and to cope with signal errors on a network. As the need to communicate still images or moving images carrying a large amount of information increases in addition to voice data and text data communication, the digital communication apparatus requires an encryption/decryption technique and an error detection (correction) code generating technique suited to a high data transfer rate.

As an error detection code for a data packet, CRC (Cyclic Redundancy Check) codes, which only detect errors without correcting them, are often used. CRC computing equations are described in Ramabadran, T. V. and Gaitonde, S. S., “A Tutorial on CRC Computations”, IEEE Micro, vol. 8, No. 4, pp. 62-75, August 1988.

As an encryption method used for maintaining data security, RSA (public-key) cryptography is well known. RSA, however, needs a long code of 1024 bits as an encryption/decryption key, and attention has focused in recent years on elliptic curve cryptography (ECC), which requires a short code length of about 160 bits. With respect to elliptic curve cryptography processing, see Moon, S., Park, J. and Lee, Y., “Fast VLSI Arithmetic Algorithms for High-Security Elliptic Curve Cryptographic Applications”, IEEE Transactions on Consumer Electronics, vol. 47, No. 3, pp. 700-708, August 2001. That document describes examples of the computing equations necessary for elliptic curve cryptography (ECC) and a large-scale integrated circuit realizing the ECC processing.

Since RSA employs modulo arithmetic that causes propagation of a carry bit, it increases the quantity of hardware. As will be described hereinafter, with ECC, data encryption/decryption can be realized with compact hardware because ECC is based on a Galois field (finite field), which does not cause the propagation of a carry bit.

The modulo arithmetic using a polynomial g(x) of degree n over a Galois field, shown by equation (1), will be considered.

$$g(x) = x^{n} + g_{n-1}x^{n-1} + \ldots + g_{1}x + 1 \qquad (1)$$

This Galois field of the polynomial is generally expressed as $GF(2^{n})$. The value of each coefficient $g_{i}$ is “0” or “1”, which is expressed as $g_{i} \in GF(2)$. Although addition of coefficients in GF(2) is an exclusive OR (EOR) calculation (⊕), the operator (+) is used in this specification instead of ⊕ unless this would cause confusion.

The following three polynomials expressing data of length n will now be considered, where $a_{i}, b_{i}, c_{i} \in GF(2)$.

$$a(x) = \sum_{i=0}^{n-1} a_{i}x^{i}, \qquad b(x) = \sum_{i=0}^{n-1} b_{i}x^{i}, \qquad c(x) = \sum_{i=0}^{n-1} c_{i}x^{i}$$

For the ECC, data indicating an encryption key called a public-key or a private-key is expressed with a polynomial a(x), and transmitting/receiving data to which the encryption key is applied is expressed with a polynomial b(x). In this case, encrypted data on the transmission side or decrypted data (the original unencrypted plain data) on the receiving side is obtained as the calculation result c(x) of the following equation (2).

$$c(x) \equiv a(x) \cdot b(x) \bmod g(x) \qquad (2)$$

Expressing the equation (2) in detail, the following equation (3) is given.

$$\sum_{i=0}^{n-1} c_{i}x^{i} \equiv \left( \sum_{i=0}^{n-1} a_{i}x^{i} \right) \left( \sum_{i=0}^{n-1} b_{i}x^{i} \right) \bmod g(x) \qquad (3)$$

In the documents Mastrovito, E. D., “VLSI Designs for Multiplication over Finite Fields GF(2^m)”, Proc. Sixth Int'l Conf. “Applied Algebra, Algebraic Algorithms, and Error-Correcting Codes (AAECC-6)”, pp. 297-309, July 1988, and WO 91/20028 (Title of the Invention: “Universal Galois Field Multiplier”), Mastrovito attempts to convert the equation (3) to the following matrix forms.

$$\begin{bmatrix} c_{0} \\ c_{1} \\ \vdots \\ c_{n-1} \end{bmatrix} = \begin{bmatrix} m_{0,0} & m_{0,1} & \cdots & m_{0,n-1} \\ m_{1,0} & m_{1,1} & \cdots & m_{1,n-1} \\ \vdots & \vdots & \ddots & \vdots \\ m_{n-1,0} & m_{n-1,1} & \cdots & m_{n-1,n-1} \end{bmatrix} \begin{bmatrix} b_{0} \\ b_{1} \\ \vdots \\ b_{n-1} \end{bmatrix} \qquad (4)$$

$$C = M \cdot b \qquad (5)$$

A matrix M of n×n in the equation (4) is called a Mastrovito matrix. The elements of the matrix M can be calculated in advance from the polynomials a(x) and g(x).

On the other hand, the value of CRC is calculated as the remainder c(x) obtained when $x^{n} \cdot b(x)$ is divided by the polynomial g(x), as shown by the following equation (6), in the case where data of a transmitting message (or receiving message) is expressed by the polynomial b(x).

$$c(x) = x^{n} \cdot b(x) \bmod g(x) \qquad (6)$$

where $x^{n} \cdot b(x)$ means that the data b(x) is shifted to the left by n bits. The data transmission side sends out, to the transmission path, transmitting data b(x) to which the polynomial c(x) indicating the value of CRC calculated by the equation (6) is added.

The data receiving side performs the same calculation on the received data b(x) with CRC and judges, with a very high probability, that the received data b(x) has no errors when the calculation result c(x) is 0.

Comparing the equation (2) with the equation (6), the computing equations of CRC and ECC are found to be very similar. The difference is that the value by which the data b(x) is multiplied is $x^{n}$ of degree n for CRC, but the polynomial a(x) of degree n−1 for ECC.

The above documents describing the Mastrovito matrix seem to generally treat an error correction method called BCH or Reed-Solomon by the equation (2). However, the above documents do not specifically describe how these encryption methods are concretely related with the equation (2). The above documents do not suggest the later-described CRC code matrix expression noted by the present invention.

DISCLOSURE OF THE INVENTION

An object of the present invention is to provide a code computing apparatus applicable to both error detection and data encryption/decryption.

Another object of the present invention is to provide a Galois field (finite field) code computing apparatus applicable commonly to error detection and data encryption/decryption.

A further object of the present invention is to provide a code computing apparatus capable of calculating matrix elements for error detection and data encryption/decryption by the same matrix element computation part and of selectively using these matrix elements for error detection and data encryption/decryption.

A still further object of the present invention is to provide a packet communication apparatus capable of performing error detection and data encryption/decryption with a compact hardware configuration.

In order to achieve these objects, the present invention is characterized by hardware applicable in common to CRC computation and ECC computation, which is proposed based on the similarity between the Galois field-based CRC and ECC computing equations.

One readily conceivable way of sharing the computing processing between CRC and ECC is to increase the degree of the polynomial a(x), by which the data b(x) is multiplied in the ECC computation shown by the equation (2), from degree n−1 to degree n so as to be consistent with the degree of $x^{n}$ in the CRC computation shown by the equation (6), and to use the coefficient part of degree n of the polynomial a(x) when performing the CRC computation. However, such a method that increases the degree of the polynomial a(x) is not a fundamental solution.

The present invention uses the following characteristic of modulo arithmetic over a Galois field to share the computing processing between CRC and ECC.

As shown by the equation (1), the coefficient $g_{n}$ of $x^{n}$ of the irreducible polynomial g(x) applied to the modulo arithmetic over a Galois field is “1”. When the term $x^{n}$ of degree n applied to the CRC computation shown by the equation (6) is subjected to modulo arithmetic by g(x) to reduce it to remainder terms of degree n−1 or lower, the following polynomial (7) is obtained.

$$x^{n} \bmod g(x) \equiv g_{n-1}x^{n-1} + \ldots + g_{1}x + 1 \qquad (7)$$

Here, the right side of the equation (7) is replaced with the following equation.

$$g'(x) = g_{n-1}x^{n-1} + \ldots + g_{1}x + 1 \qquad (8)$$

The CRC computing equation shown by the equation (6) is transformed to the following equation (9). As with the ECC computing equation (2), the degree of the polynomial by which the data b(x) is multiplied can be reduced to degree n−1.

$$c(x) \equiv g'(x) \cdot b(x) \bmod g(x) \qquad (9)$$

The value of CRC can be calculated according to the equation (9) by setting the value of g′(x) in place of a(x).

Further, when the term $x^{n+1}$, of higher degree than $x^{n}$, is subjected to modulo arithmetic by g(x), it can be reduced to terms of degree n−1 or lower using the equation (7), as shown by the following equation (10).

$$\begin{aligned} x^{n+1} \bmod g(x) &\equiv g_{n-1}x^{n} + g_{n-2}x^{n-1} + \ldots + g_{1}x^{2} + x \\ &= g_{n-1}\left( g_{n-1}x^{n-1} + \ldots + g_{1}x + 1 \right) + g_{n-2}x^{n-1} + \ldots + g_{1}x^{2} + x \\ &= \left( g_{n-1}g_{n-1} + g_{n-2} \right)x^{n-1} + \left( g_{n-1}g_{n-2} + g_{n-3} \right)x^{n-2} + \ldots \\ &\quad + \left( g_{n-1}g_{2} + g_{1} \right)x^{2} + \left( g_{n-1}g_{1} + 1 \right)x + g_{n-1} \end{aligned} \qquad (10)$$

Accordingly, by comparing the coefficients of $x^{i}$ after the higher-degree terms have been reduced to terms of degree n−1 or lower, the matrix elements of the equation (4) or (5) can be obtained.

One feature of the present invention resides in that the CRC computing equation is transformed like the equation (9), the degree is adapted to the ECC computing equation (3), and the same matrix element computation part is used to compute the elements of the ECC matrix and the CRC matrix. Another feature of the present invention resides in that ECC encryption/decryption computation and CRC computation are executed by the same inner product calculation part, by selectively using ECC matrix elements and CRC matrix elements calculated previously.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing the configuration of a packet communication apparatus having an error detection function and an encryption function to which the present invention is applied;

FIG. 2 is a diagram for explaining data encryption and decryption of CRC error detection;

FIG. 3 is a diagram for explaining data encryption and decryption of ECC;

FIG. 4 is a block diagram of a computing apparatus having a matrix element computation circuit 30 showing an embodiment of the present invention;

FIG. 5 is a diagram for explaining an array of the calculated elements of a matrix M generated by the matrix element computation circuit 30;

FIG. 6 is an explanatory view when generating the calculated elements of a matrix M of n×n divided into a plurality of submatrices;

FIG. 7 is a diagram for explaining the relation between submatrices constituting a matrix M for ECC and input/output data;

FIG. 8 is a diagram showing an embodiment of the matrix element computation part 30 shared between CRC and ECC;

FIG. 9 is a flowchart showing an embodiment of a CRC matrix element generation routine 100 to be executed by a controller 70 shown in FIG. 4;

FIG. 10 is a flowchart showing an embodiment of an ECC matrix element generation routine 120 to be executed by the controller 70;

FIG. 11 is a flowchart showing a transmitting data processing routine 200 and a receiving data processing routine 300 to be executed by the controller 70;

FIG. 12 is a flowchart showing the detail of transmitting data encryption 210 in the transmitting data processing routine 200; and

FIG. 13 is a flowchart showing the detail of CRC generation 230 in the transmitting data processing routine 200.

BEST MODE FOR CARRYING OUT THE INVENTION

FIG. 1 shows a block diagram of a packet communication apparatus having a data error detection function and an encryption function to which the present invention is applied.

The packet communication apparatus is comprised of a core processor (P-CORE) 10, a processing part 20 for processing transmitting and receiving data, and a transmission part 11 and a receiving part 12 connected to a transmission path 13. The transmission part 11 and the receiving part 12 include an A/D converter, a D/A converter and an RF (radio frequency) processing part in the case where the transmission path 13 is wireless. The transmission part 11 and the receiving part 12 include a modem processing part in the case where the transmission path 13 is an analog cable.

The processing part 20 for processing transmitting and receiving data is comprised of a control processor (P-CONT) 21, an encryption processing part (ECC-ENC) 22, an error detection code encoding part (CRC-ENC) 23, an error detection code decoding part (CRC-DEC) 24, a decryption processing part (ECC-DEC) 25, a buffer memory (BUF-MEM) 26, and a memory (MEM) 27. These elements are connected to each other through an internal bus 29 (29A and 29B).

A transmitting message (plain data) outputted from the core processor 10 is temporarily stored in a transmission buffer area of the buffer memory 26. When the transmitting data must be kept secure, the transmitting message is encrypted by the encryption processing part 22. The transmitting message (plain data or encrypted data), with an error detection code generated by the error detection code encoding part 23 added to it, is transmitted from the transmission part 11 to the transmission path 13.

A receiving message (plain data or encrypted data) with an error detection code received from the transmission path 13 is first stored in a receiving buffer area of the buffer memory 26 from the receiving part 12. The error detection code decoding part 24 performs remainder computation of the error detection code of the receiving message. If the remainder is zero, it is judged that the received data has no errors and the error detection code is removed from the receiving message. When the data of the receiving message from which the error detection code has been removed is encrypted data, it is restored to the plain data by the decryption processing part 25. After that, the receiving message is transferred via the buffer memory 26 to the core processor 10. Information necessary for error detection and data encryption/decryption is read out from the memory 27. The encryption processing part 22, the error detection code encoding part 23, the error detection code decoding part 24, and the decryption processing part 25 are controlled by the control processor 21.

FIG. 2 shows the operations of the error detection code encoding part 23 and the error detection code decoding part 24 in the case where CRC is applied to error detection.

In this case, the error detection code encoding part 23 divides transmitting data into data blocks b(x) having an n-bit length (n=32 bits) to perform encryption for each of the data blocks. As shown by the equation (6), the data b(x) is shifted to the left by n bits (computation of $x^{n} \cdot b(x)$). Then the data is divided by a specified numerical value g(x) (modulo arithmetic) to determine a remainder r(x).

$$r(x) \equiv x^{n} \cdot b(x) \bmod g(x) \qquad (11)$$

The r(x) is added to the data $x^{n} \cdot b(x)$, that is, the computation of $w(x) = x^{n} \cdot b(x) \oplus r(x)$ is performed. As a result, the original n-bit data block is transmitted to the transmission path in a form converted to a data block w(x) having a 2n-bit length.

On the other hand, the error detection code decoding part 24 on the receiving side executes modulo arithmetic, with the same numerical value g(x) as that of the transmission side, on the data block $w'(x) = x^{n} \cdot b'(x) \oplus r'(x)$ received from the transmission path to determine a remainder. When no errors occur on the transmission path, the following equation (12) is satisfied and the remainder c(x) becomes zero.

$$\begin{aligned} c(x) &\equiv \left[ x^{n} \cdot b'(x) \oplus r'(x) \bmod g(x) \right] \\ &= r'(x) \oplus r'(x) \end{aligned} \qquad (12)$$

In this case, by removing r′(x) from the receiving data w′(x) and shifting the receiving data to the right by n bits, the original data block b(x)=b′(x) is restored. When the length of a message received from the transmission path is longer than 2n bits, the above-described error detection code decoding processing is repeated for each data block having a 2n-bit length.

FIG. 3 shows the operations of the encryption processing part 22 and the decryption processing part 25 in the case where ECC is applied to encryption.

The encryption processing part 22 divides transmitting data into n-bit data blocks. By applying the transmitting data blocks to the polynomial b(x) and a public-key to the polynomial a(x), the modulo arithmetic is executed according to the irreducible polynomial g(x), thereby generating the encrypted data c(x) shown by the equation (2).

The block length n of ECC encrypted data is about 160 bits, which is longer than that of CRC. In order to apply the same hardware as CRC, the transmitting data block b(x), public-key a(x) and irreducible polynomial g(x) are divided into a plurality of sub-blocks each corresponding to the CRC bit length, and the encryption processing is repeated.

The encrypted data with an error detection code added is processed at the receiving side to detect an error. When the receiving data has no errors, it is restored to the encrypted data c(x) from which the error detection code has been removed. As shown by the following equation (13), the decryption processing part 25 on the receiving side applies a private-key d(x) and the receiving data c(x) in place of a(x) and b(x) of the equation (2) and executes the modulo arithmetic according to the irreducible polynomial g(x) to obtain the decrypted data b(x).

$$b(x) \equiv d(x) \cdot c(x) \bmod g(x) \qquad (13)$$

The feature of the present invention resides in that the configuration of the processing part 20 for transmitting and receiving data is simplified by sharing hardware necessary for the error detection code encoding part 23, the error detection code decoding part 24, the encryption processing part 22, and the decryption processing part 25.

FIG. 4 shows an embodiment of the processing part 20 for processing transmitting and receiving data according to the present invention.

The processing part (code computing apparatus) 20 is comprised of a matrix element computation part (MAT-UNIT) 30, an inner product calculation part (CAL-UNIT) 40, a control part (CONTROLLER) 70, the buffer memory (BUF-MEM) 26, the memory 27 for storing parameters, a memory (MAT-MEM) 50 for storing matrix elements, a matrix element register (M-REG) 51, a calculation result holding memory (C-MEM) 52, parameter registers (A-REG and G-REG) 201 and 202, a data register (B-REG) 203, a code register (C-REG) 204, an EOR adding circuit 53, and a consistency detection circuit 54.

The memory 27 includes a storage area (g′-CRC) 271 for storing the reduced polynomial g′(x) necessary for CRC computation, a storage area (g-ECC) 272 for storing an irreducible polynomial g(x) necessary for ECC computation, an encryption key (public-key) storage area (E-KEY) 273, and a decryption key (private-key) storage area (D-KEY) 274.

In the buffer memory 26, a buffer area (Tx-BUF) 261A for storing a transmitting message supplied from the core processor 10, a buffer area (Tx-ENC) 262A for storing an encrypted transmitting message, a buffer area (Rx-CRC) 263B for storing a receiving message with CRC supplied from the receiving part, a buffer area (Rx-ENC) 262B for storing an encrypted receiving message from which CRC is removed, and a buffer area (Rx-BUF) 261B for storing a decrypted receiving message are defined. A message is transmitted and received between the core processor 10 and the processing part 20 via the Tx-BUF area 261A and the Rx-BUF area 261B.

The processing part (code computing apparatus) 20 for processing transmitting and receiving data shown in this embodiment includes, as its operation modes, a matrix element computing mode, a transmitting data encryption mode, a transmitting data error encryption mode, a receiving data error detection mode, and an encrypted data decryption mode. These operation modes are switched by the control part 70.

When generating a matrix element for ECC encryption in the matrix element computing mode, for instance, the control part 70 starts the matrix element computation part 30 in a state in which the coefficient values of the irreducible polynomial g(x) read out from the memory area 272 are set to the G-REG 202 and an encryption key read out from the memory area 273 is set to the A-REG 201. The generated matrix elements are held in an encoding matrix area of the memory 50.

In the same manner, matrix elements for ECC decryption are generated in the state in which the coefficient values of the irreducible polynomial g(x) are set from the memory area 272 to the G-REG 202 and a decryption key is set from the memory area 274 to the A-REG 201. The matrix elements generated by the matrix element computation part 30 are held in a decoding matrix area of the memory 50.

The element values for the CRC matrix are generated in the state in which the coefficient values of g′(x) are set from the memory area 271 to the A-REG 201 and the G-REG 202. The matrix elements generated by the matrix element computation part 30 are held in a CRC matrix area of the memory 50.

In the case where each of the A-REG 201 and the G-REG 202 has a 32-bit length corresponding to the parameter length for CRC computation, the element values of the CRC matrix can be calculated through one parameter loading to these registers. However, the parameter for ECC computation is longer than that for CRC computation. Accordingly, the matrix elements for ECC encryption and decryption are generated, as described later, by repeating the matrix element computation a plurality of times while reading out the irreducible polynomial g(x) and the encryption key in units of 32 bits from the memory 27 and switching the parameters set in the registers 201 and 202 for each computation.

In the transmitting data encryption mode, transmitting data read out in 32-bit sub-blocks from the Tx-BUF area of the buffer memory is supplied to the B-REG 203, and elements of the partial matrix necessary for encryption of transmitting data are loaded from the memory 50 to the M-REG 51. After that, the inner product calculation part 40 is started. In this case, the inner product calculation is repeated on one data block set in the B-REG 203 a plurality of times while switching the contents of the M-REG 51.

The calculation result of the inner product calculation part 40 is outputted to the C-REG register 204. The calculation result outputted to the C-REG register 204 is held in the C-MEM 52 as an intermediate result of the calculation. The C-MEM 52 has a storage capacity of the number of bits corresponding to an ECC code length. The EOR adding circuit 53 adds a new calculation result to the intermediate result of the calculation corresponding to the submatrix in each inner product calculation cycle.

When the encryption calculation processing of the transmitting data for a plurality of sub-blocks corresponding to the ECC code length has been completed, the contents of the C-MEM 52 are read out as encrypted data to the Tx-ENC area 262A of the buffer memory 26.

When the encryption processing for one message stored in the Tx-BUF area has been completed through the repetition of the above-described inner product calculation, the operation mode is switched to the transmitting data error encryption mode (CRC computation mode).

In the transmitting data error encryption mode, with the elements of the CRC matrix loaded from the MAT-MEM 50 to the M-REG 51, the encrypted data block is read out in units of 32 bits from the Tx-ENC area 262A of the buffer memory 26 and transferred to the B-REG register 203 and the transmission part 11. If the transmitting data need not be encrypted, the data block read out from the Tx-BUF area 261A of the buffer memory 26 is supplied to the B-REG register 203 and the transmission part 11.

The inner product calculation part 40 executes inner product calculation between the data block stored in the B-REG register 203 and the elements of the CRC matrix indicated by the M-REG 51 to output the calculation result to the C-REG register 204. In this case, the calculation result outputted to the C-REG register 204 is transferred, as a CRC code to be added to the data block already supplied, via the bus 29 to the transmission part 11.

In the receiving data error detection mode, by selecting receiving data read out from the Rx-CRC area 263 of the buffer memory 26 as a calculation object, the inner product calculation part 40 executes inner product calculation between the data block stored in the B-REG register 203 and the elements of the CRC matrix indicated by the M-REG 51.

In this case, the receiving data is stored in the Rx-CRC area 263B in a form in which a 32-bit CRC code block is added to each 32-bit data block. The presence or absence of an error in the received data can be judged, for instance, by reading out a 32-bit data block to generate CRC r(x) in the first cycle, reading out the 32-bit CRC code block subsequent to the data block in the second cycle to generate CRC r′(x), and checking the consistency of r′(x) and r(x).

The consistency detection of r′(x) and r(x) is performed by the consistency detection circuit 54 and the detected result is notified to the control part 70. The control part 70 transfers the error-checked data block to the Rx-ENC area 262B (the Rx-BUF area 261B for an unencrypted plain data block) of the buffer memory. If an error is detected, the control part 70 discards the erroneous data block.

In the encrypted data decryption mode, by selecting the data block read out from the Rx-ENC area 262B as a calculation object, the same calculation as in the transmitting data encryption mode is performed by the inner product calculation part 40. The decrypted data is transferred from the C-MEM 52 to the Rx-BUF area 261B.

FIG. 5 shows an example of a matrix M generated by the matrix element computation part 30.

In the explanation of the embodiment of FIG. 4, the matrix element computation part 30 generates a matrix of a 32×32 size. Here, for simplification, a matrix of 8×8 is shown. Symbols b₀ to b₇ indicate data bits set to the B-REG 203, and c₀ to c₇ the bits of CRC or ECC outputted as calculation results to the C-REG 204. The values (m₀₀ to m₇₀) in the first column of the matrix M are determined by each of the bit values (a₀ to a₇) of the polynomial a(x).

The values (m₀₁ to m₇₇) from the second column onward are basically in the relation of equation (14).

$$m(i, j) = m(i-1, j-1) + g(i)\,m(0, j) \qquad (14)$$

The values (m₀₁, m₀₂, m₀₃ . . . m₀₇) in the first row in each of the columns are in the relation of equation (15).

$$m(0, j) = g(0)\,m(\max, j-1) \qquad (15)$$

Here, m(max, j−1) means the matrix element in the last row in the (j−1)-th column.

Each of the coefficients of the polynomial g(x) has a fixed value defined by the standards. In the case of ECC encryption/decryption, the polynomial a(x) is an encryption key and has a fixed value or a semi-fixed value over a certain period. In the case of error detection, the polynomial g′(x) to be used in place of a(x) has a completely fixed value. Accordingly, since the matrix M generated from these parameters has a fixed or semi-fixed value, once the coefficient values have been computed by the matrix element computation part 30, the calculation result can be used repeatedly.

The matrix computation capacity of the matrix element computation part 30 and the inner product calculation part 40 has a limited size (hereinafter called a basic size), such as 16×16 or 32×32, because of hardware limits. In order to treat a matrix M of an n×n size larger than the basic size, it is necessary to divide the matrix M into a plurality of submatrices having the basic size and repeat the computing operation for each of the submatrices.

FIG. 6 shows an example in which a matrix M of n×n is divided into submatrices M(0,0) to M(I,J).

Here, for instance, the value of a matrix element m(0,1) in the first row (the row of the calculation result c₀) in the second column (the column of the data bit b₁) of the first submatrix M(0,0) depends on the matrix element m(n−1,0) in the last row in the first column (the column of the data bit b₀) of the submatrix M(I,0) located in the lower left side of the matrix M. The value of a matrix element m(k,1) in the first row in the second column of the next submatrix M(1,0), which is omitted from the drawing, depends on the matrix element m(k−1,0) in the last row in the first column of the first submatrix M(0,0). Except for the first column (the column of the data bit b₀) of the entire matrix M, the element in the first row (the row of the calculation result c₀) of the matrix M in each of the columns is reflected on all subsequent rows (the rows of the calculation results c₁ to c_(n−1)).

When generating matrix element values for each submatrix by the matrix element computation part 30, parameters must be set in consideration of these boundary conditions.

FIG. 7 shows the relation among the arrays of the submatrices M(0,0) to M(4,4), input data (B01 to B159) and output codes (C01 to C159) in the case where a matrix with 160×160 bits is divided into a plurality of blocks having the basic size of 32×32.

When handling such submatrices, the input data (B01 to B159) is inputted to the inner product calculation part 40 in a form divided into data blocks D-0 to D-4 in units of 32 bits, and the output codes (C01 to C159) are outputted in a form divided into the code blocks ECC-0 to ECC-4 in units of 32 bits.
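Added illustration, not part of the patent text: the Python below builds the matrix M column by column with equations (14) and (15), obtains the CRC of equation (6) by loading g′(x) in place of a(x) as in equation (9), and repeats the inner product per 32×32 submatrix with EOR accumulation as in FIG. 6 and FIG. 7. The polynomials and operands are constructed test values (the degree-160 polynomial is not claimed to be irreducible), integers stand in for the registers, and the submatrices are sliced from a full matrix rather than generated by the FIG. 8 circuit.

```python
# Added example, not from the patent. Polynomials over GF(2) are Python ints:
# bit i is the coefficient of x^i. All parameter values below are constructed.

def matrix_columns(a, g_low, n):
    """Columns of the n x n matrix M for b(x) -> a(x)*b(x) mod g(x).

    g_low holds g_0..g_(n-1), i.e. g'(x) of equation (8); g_n = 1 is implicit.
    Column j equals a(x)*x^j mod g(x), built with equations (14) and (15).
    """
    assert g_low & 1, "equation (1) assumes g_0 = 1"
    mask = (1 << n) - 1
    col = a & mask                       # first column: m(i,0) = a_i
    cols = [col]
    for _ in range(1, n):
        top = (col >> (n - 1)) & 1       # m(max, j-1), last row of previous column
        # (15): m(0,j) = g_0*m(max,j-1);  (14): m(i,j) = m(i-1,j-1) + g_i*m(0,j)
        col = ((col << 1) & mask) ^ (g_low if top else 0)
        cols.append(col)
    return cols


def inner_product(cols, b):
    """c = M.b over GF(2): XOR together the columns selected by the set bits of b."""
    c = 0
    for j, col in enumerate(cols):
        if (b >> j) & 1:
            c ^= col
    return c


def blocked_product(cols, b, n, w=32):
    """Same product computed one w x w submatrix at a time (FIG. 6 and FIG. 7)."""
    blocks, wmask = n // w, (1 << w) - 1
    c_mem = [0] * blocks                 # one accumulator per output code block
    for J in range(blocks):
        d = (b >> (w * J)) & wmask       # data sub-block D-J (B-REG contents)
        for I in range(blocks):
            sub = [(cols[w * J + j] >> (w * I)) & wmask for j in range(w)]
            c_mem[I] ^= inner_product(sub, d)   # EOR-accumulate the partial result
    return sum(c << (w * I) for I, c in enumerate(c_mem))


def clmul(a, b):
    """Reference carry-less (GF(2)) polynomial multiplication."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def polymod(p, g_full):
    """Reference remainder of p(x) divided by g(x) (g_full includes the x^n term)."""
    n = g_full.bit_length() - 1
    while p.bit_length() > n:
        p ^= g_full << (p.bit_length() - 1 - n)
    return p


def crc_via_matrix(b, g_low, n):
    """Equation (9): load g'(x) where a(x) would go, then take the inner product."""
    return inner_product(matrix_columns(g_low, g_low, n), b)


def mul_via_matrix(a, b, g_low, n):
    """Equation (2): c(x) = a(x)*b(x) mod g(x) through the same two steps."""
    return inner_product(matrix_columns(a, g_low, n), b)


G32 = 0x04C11DB7                            # g'(x) of the common CRC-32 generator
G160 = (1 << 5) | (1 << 3) | (1 << 2) | 1   # constructed degree-160 g(x), low part

if __name__ == "__main__":
    b = 0xDEADBEEF                          # constructed 32-bit data block
    r = crc_via_matrix(b, G32, 32)
    assert r == polymod(b << 32, (1 << 32) | G32)          # equals equation (6)
    assert polymod((b << 32) ^ r, (1 << 32) | G32) == 0    # receiver check (12)
    a, d = (1 << 159) | 0x1234567, (1 << 158) | 0x89ABCDEF # constructed operands
    cols = matrix_columns(a, G160, 160)
    assert blocked_product(cols, d, 160) == polymod(clmul(a, d), (1 << 160) | G160)
    print(f"CRC block r(x) = {r:#010x}")
```

The remainder computed here is the plain polynomial remainder of equation (6); deployed CRC-32 variants add bit reflection and initial/final XOR values, which the patent text does not discuss.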

FIG. 8 shows an embodiment of the matrix element computation part 30 for generating the elements of the ECC matrix for each submatrix with 32×32 bits.

The matrix element computation part 30 is comprised of a plurality of AND circuits 31-i, a first group of selectors 33-i, and exclusive OR (EOR) circuits 32-i (i=0 to k, k=31), which are prepared so as to correspond to each of the bits of the A-REG 201 and the G-REG 202, and a register 35 having a plurality of bit storage areas 35-i (i=0 to k) for holding the output values of the EOR circuits.

Either the value “ai” of the i-th bit stored in the A-REG 201 or the output value of the AND circuit 31-i is selectively supplied to the first input of each of the EOR circuits 32-i via the selectors 33-i controlled by a control signal S0 from the control part 70. As the second input of the EOR circuits 32-i (i=1 to k), except for the first EOR circuit 32-0, the matrix element m(i−1,j−1) in the previous row in the previous column held in the register 35 is supplied. As the second input of the first EOR circuit 32-0, a fixed value “0” or the matrix element m(31,j−1) in the last row in the previous column held in the last bit storage area 35-k of the register 35 is supplied via a selector 37 controlled by a control signal S2 from the control part 70. The matrix element in the first row of the submatrix outputted from the selector 33-0 is held in a latch circuit 34 at a predetermined timing specified by a control signal S3 from the control part 70.

The value “gi” of the i-th bit stored in the G-REG 202 is supplied as the first input of each of the AND circuits 31-i. As the second input of the first AND circuit 31-0, either the matrix element m(31,j−1) in the last row in the previous column or the matrix element in the first row of the submatrix held in the latch circuit 34 is supplied via the selector 36-0. As the second input of each of the other AND circuits 31-i (i=1 to k), either the output value of the selector 33-0 or the matrix element in the first row of the submatrix held in the latch circuit 34 is supplied via the selectors 36-i. The selectors 36-0 to 36-k constitute a second group of selectors and are controlled by a control signal S1 from the control part 70.

In this embodiment, so as to be applicable to both the CRC matrix computation and the ECC matrix computation, the matrix element computation part 30 includes a plurality of shift registers (SHIFT) 38-i each for holding the output bit of the EOR circuits 32-i, and a third group of selectors 39-i (i=0 to k) each for selecting either the output value of the shift register 38-i or the output value of the register area 35-i to supply the selected output value to the EOR circuits 32-(i+1) in the next row. Each of the third group of selectors, except for the last selector 39-k controlled by the control signal S1, selects one of the inputs of A port and B port according to a control signal S4.

When generating the elements of CRC matrix, the control part 70 outputs the control signals S1, S2 and S4 so that each of the selector 37, the second group of selectors 36-0 to 36-k, and the third group of selectors 38-0 to 38-k constantly selects the input of A port. The control signal S0 is switched so that each of the first group of selectors 33-0 to 33-k selects the input of A port (the output of the A-REG) in the computation cycle of the matrix elements in the first column of the matrix M and selects the input of B port (the output of the AND circuit 31-i) in the computation cycle of the matrix elements in the second to k-th column (k=31) of the matrix M.

Accordingly, in the computation cycle of the matrix elements in the first column, each of the bit values a₀ to a₃₁ indicated by the A-REG 201 is generated from the EOR circuits 32-i (i=0 to k). These bit values are temporarily set to the storage areas 35-0 to 35-k of the register 35 and thereafter stored in the CRC matrix area of the MAT-MEM 50. In the illustrated example, these bit values are stored in the first column of M(0,0).

In the computation cycle of the matrix elements in the second column, the value of element (m_(0,1)) indicating the result of AND between the matrix element a₃₁ in the last row in the previous cycle indicated by the storage area 35-k selected by the selector 36-0 and the first bit value g₀ indicated by the G-REG 202 is outputted from the selector 33-0 in the first row and this value is inputted to the EOR circuit 32-0. The value of element (m_(0,1)) is also inputted to the other AND circuits 31-i via the second group of selectors 36-i (i=1 to k). Accordingly, the value indicating “g_(i)·m_(0,1)” is outputted from each of the selectors 33-i after the first row and a matrix element indicated by the equation (14) is outputted from each of the EOR circuits 32-i.

In the computation cycles of the matrix elements in the second to k-th column, the same computing operation is repeated, thereby generating matrix elements according to the equations (14) and (15) in the CRC matrix area M(0,0).

When generating the elements of ECC matrix, in the state that each of the third group of registers 39-i (i=0 to k) selects the input of B port, the computation cycle of the matrix elements in the first column of the matrix M is repeated while replacing the set parameters of the A-REG 201. In these computation cycles, the values of a0 to a31, a32 to a63, . . . a128 to a159 are generated successively in the register 35 and are stored in the first column of the submatrices M(0,0), M(1,0), . . . M(4,0).

At this time, the bit values of a₀, a₃₂, a₆₄, a₉₆ and a₁₂₈ are held in the first shift register 38-0, and the bit values of a₁, a₃₃, a₆₅, a₉₇ and a₁₂₉ are held in the next shift register 38-1. The bit values of a₃₁, a₆₃, a₉₂, a₁₂₇ and a₁₅₉ are held in the last shift register 38-k.

When the matrix computation for the first column has been completed, the control signals S0 and S2 are switched so that each of the first group of selectors 33-i and the selector 37 selects the respective inputs of B port. At this time, the parameter value “a₁₅₉” is set as the matrix element (m_(31, J−1)) in the storage area 35-k of the register 35. After this, computation cycles of the matrix elements in the first column of the submatrices M(0,0), M(1,0), . . . M(4,0) are repeated while replacing the set value of the G-REG 202.

In the computation cycle in which the parameter values g₀ to g₃₁ of the first block are set in the G-REG 202, the control signal S1 is switched so that each of the second group of selectors 36-i and the last selector 39-k of the second group of selectors selects the input of A port, and the output value “g₀·a₁₅₉” of the selector 33-0 is inputted to the AND circuits 31-i in other rows. The output value “g₀·a₁₅₉” of the selector 33-0 is stored in the latch circuit 34 by a latch signal given by the control signal S3. In this case, since the bit value m(0, j−1) in the previous row in the previous column outputted from the shift registers 38-(j−1) is inputted to the EOR circuits 32-j, the matrix elements (m_(0,1)) to (m_(31,1)) in the second row are generated according to the equations (14) and (15). These values are stored in the shift registers 38-0 to 38-k and the second column of the ECC submatrix M(0,0) of the MAT-MEM 50.

In each of the computation cycles performed in the state that the parameter values of the first block (g₃₂ to g₆₃) to the fourth block (g₁₂₇ to g₁₅₉) are set in the G-REG 202, the control signal S1 is switched so that each of the second group of selectors 36-i and the last selector 38-k of the third selectors selects the input of B port. That is, the value “g₀·a₁₅₉” stored in the latch circuit 34 is reflected on the matrix elements of the submatrices M(1,0) to M(4,0). According to this operation, the values of matrix elements (m_(32,1) to m_(63,1)) to (m_(127,1) to m_(159,1)) in the first row according to the equations (14) and (15) are generated successively, and these values are stored in the second column of the submatrices M(1,0) to M(4,0) of the MAT-MEM 50.

The values of matrix elements in the third to 32nd column of the submatrices M(0,0), M(1,0), . . . M(4,0) are generated by repeating the same procedure as the second column. For the remaining submatrices M(0,1), M(1,1), . . . M(4,4), the set values of the G-REG 202 are used for all matrix computation from the first to 32nd column, and the same procedure as the computation cycle after the second column of the submatrices M(0,0), M(1,0), . . . M(4,0) is repeated.

FIG. 9 shows an embodiment of a CRC matrix element generation routine 100 to be executed by the control part 70 to control the matrix element computation part 30 shown in FIG. 8.

In the CRC matrix element generation routine 100, a parameter i for specifying a column is initialized to have an initial value 0, and a value 31 is set as the value of a parameter jmax for indicating the last column (step 101), and the coefficients of g′-CRC read out from the memory area 271 are loaded into the A-REG 201 and the G-REG 202 (steps 102 and 103). Next, the generation patterns of the control signals S1 to S4 are set as a single matrix mode. Here, the single matrix mode means that the matrix element computation is completed by a single submatrix having the basic size of 32×32 bits. In this mode, the control signals S1, S2 and S4 are brought to the state that each of the second and third groups of selectors 36-i and 39-i (i=0 to k) and the selector 37 constantly selects the input of A port, and the control signal S3 is brought to the state of producing no latch signal.

At first, the control signal S0 is generated so that each of the first group of selectors 33-i (i=0 to k) selects the output of the A-REG 201 (the input of A port) (105), then the matrix elements in the j-th column are computed by the EOR circuits 32-i (i=0 to k) (106). The computation results of the j-th column outputted from the EOR circuit are held in the an initial value 0, a value 4 is set as the maximum value Imax and Jmax of the parameters I and J, and a value 31 is set as the maximum value jmax of j (121).

Next, the generation patterns of the control signals S1, S2, S3 and S4 are set to a submatrix mode. Here, the submatrix mode means that the computation of matrix elements is executed by dividing the matrix into a plurality of submatrices. In this mode, the control signal S1 is switched so that each of the second group of selectors 36-i (i=0 to k) and the selector 39-k selects the input of A port in the computation cycle of the submatrix M(0,J) and selects the input of B port in the computation cycles of other submatrices M(I,J) (I=1 to 4). The control signal S2 is switched so that the selector 37 selects the input of A port in the computation cycle in the first column of the submatrices M(I,0) (I=0 to 4) and thereafter selects the input of B port.

The control signal S3 produces a latch signal in the computation cycles for each column of the submatrix M(0,J) to hold the output values of the selector 33-0 in the latch circuit 34. The output value of the latch circuit 34 is not changed in the computation cycles of the submatrices M(1,J) to M(4,J). The control signal S4 is in a state that each of the third group of selectors 39-i (i=0 to k−1) constantly selects the input of A port.

First, by generating the control signal S0, each of the first group of selectors 33-i (i=0 to k) selects the output of the A-REG 201 (the input of A port) (123) so that the I-th block KEY(I) of an encryption key is loaded from the E-KEY area 273 of the memory 27 to the A-REG 201 (124). At this time, each of the EOR circuits 32-i (i=0 to k) computes the matrix elements in the first column of the submatrix M(I,J) according to the 32 bits of parameter indicated by the KEY(I) (125). The computation results are held in the shift register 38 and the register 35, and stored thereafter in the j-th column of the ECC submatrix area M(I,J) defined in the MAT-MEM 50 (126).

Next, the value of the parameter I is incremented (127), and the value of I is compared with Imax (128). If not I>Imax, the program sequence is returned to step 124 to load the next block of an encryption key KEY(I) from the E-KEY area 273 to the A-REG 201 to repeat the same operation as above.

If I>Imax, the status of the control signal S0 is switched so that each of the first group of selectors 33 selects the output of the G-REG 202 (the input of B port) (130), the value of the parameter I is returned to the initial value 0 and the value of the parameter j is incremented (133).

Next, the value of the parameter j is compared with jmax (134). If not j>jmax, the I-th block g-ECC(I) of the coefficients of polynomial g(x) is loaded from the g-ECC area 272 of the memory 27 to the A-REG 201 (135). By this operation, the EOR circuits 32-i (i=0 to k) can compute the j-th column elements of the submatrix M(I,J) according to the 32 bits of parameter indicated by the block g-ECC(I) (136). The computation results are held in the register 35 and stored in the j-th column of the ECC submatrix area M(I,J) defined in the MAT-MEM 50 (137).

Next, the value of the parameter I is incremented (138), and the value I is compared with Imax (139). If not I>Imax, the program sequence is returned to step 135 to load the next block g-ECC(I) from the E-KEY area 273 to the A-REG 201 to repeat the same operation as above. If I>Imax in step 139, the program sequence is returned to step 133 to return the value of the parameter I to the initial value 0 and increment the value of the parameter j. After that, the same procedure is repeated for the matrix elements of the next column.

If j>jmax in step 134, the program sequence is advanced to step 140 to return the values of the parameter j and I to the initial value 0 and increment the value of the parameter J, whereby the computation object is changed to the submatrix M(I,J) in the next column. The value of the parameter J is compared with Jmax (141). If J>Jmax, the routine is terminated. If not J>Jmax, the program sequence is advanced to step 135 to repeat the above-described computing operation of the matrix elements for the first to 32nd columns in the submatrices M(0,J) to M(4,J).

In the execution process of the steps 133 to 141, the matrix elements in the first row of the matrix M are held in the latch circuit 34 by a latch signal given by the control signal S3 in the computation cycle for each column of the submatrix M(0,J). These values are supplied to the AND circuits 31-0 to 31-k in each of the computation cycles for the subsequent submatrices M(1,J) to M(4,J). Since the matrix element in the last row in the previous column outputted from the last storage area 35-k of the register 35 is supplied to the EOR circuit 32-0 in the first row shown in FIG. 8, the boundary condition of the submatrices described in FIG. 6 can be satisfied.

Although the matrix element generation routine for ECC encryption is described above, by applying the decryption key read out from the D-KEY area of the memory 27 as the block KEY(I), it is possible to generate the matrix elements for ECC decryption by the same control procedure as the routine 120.

FIGS. 11(A) and 11(B) show a flowchart of a transmitting data processing routine 200 and a flowchart of a receiving data processing routine 300 to be executed by the control part 70 to control the inner product calculation part 40.

The transmitting data processing routine 200 includes encryption processing (210) of transmitting data (transmitting message) read out from the Tx-BUF area 261A in the buffer memory 26 and CRC generation/transmission processing (230) of encrypted data read out from the Tx-ENC area 262A. When the transmitting data need not be encrypted, the CRC generation/transmission processing (230) is executed on the transmitting data read out from the Tx-BUF area 261A.

The receiving data processing routine 300 includes CRC generation processing (310) of the receiving data stored in the Rx-CRC area 263B of the buffer memory 26, CRC code consistency check (320), and decryption processing (330) of the receiving data judged to have no errors in the CRC code consistency check 320. In the decryption processing (330), it is judged whether the receiving data is encrypted data or not. If the receiving data is not encrypted data, the receiving data is transferred to the Rx-BUF area 161B. If the receiving data is encrypted data, the receiving data is decrypted and transferred to the Rx-BUF area 161B. For the receiving data in which an error is detected as a result of the CRC check, error processing (350) such as error notification to the core processor 10 as a master apparatus is executed. The transmitting data processing routine 200 and the receiving data processing routine 300 are executed alternately for each message.

FIG. 12 is a flowchart showing an embodiment of the transmitting data encryption processing 210.

The control part 70 reads out the header part of transmitting data from the Tx-BUF area 261A (211), calculates, from data length L indicated by the header part, the number Nmax of blocks in the case where the transmitting data is divided into blocks having the block length of encrypted data (in this case, 160 bits), and initializes the value of parameter n for indicating the number of times of repetition of the encryption processing to have an initial value 1 (212). In this embodiment, the header part is excluded from the encryption object and the encrypted data is transferred to the Tx-ENC area 262A (213).

First, each of the values of the parameters I and J for specifying a submatrix M(I, J) is initialized to have an initial value 0 (214). The n-th data block of the transmitting data is read out in units of 32 bits from the Tx-BUF area 261A to transfer it to the B-REG 203 (215). Here, the 32 bits of data block read out to the B-REG 203 is expressed as D(n)-J. The first data block D(n)-0 read out corresponds to the data D-0 in FIG. 7, and the next data block D(n)-1 read out corresponds to the data D-1.

Next, the submatrix M(I, J) for encryption is loaded from the memory 50 to the M-REG 51 (216) and the inner product calculation part 40 is started (217). Then, the results of inner product calculation between the submatrix M(I, J) and the data D(n)-J are outputted to the C-REG 204. In the first inner product calculation using the submatrix M(0,0), the values of C0 to C31 shown in FIG. 7 are calculated. As the obtained values are merely the sub-calculation values of the ECC code in this case, they are EOR added to the pre-computed values in the ECC-I area of a C-MEM 52 (218). In the C-MEM 52, code value storage areas ECC-0 to ECC-4 each having a 32-bit length are prepared so as to correspond to the parameter J of the submatrix M(I,J). The initial value of each of the areas is 0.

The value of the parameter I is incremented (219) and it is judged whether I>4 or not (220). If the value of I is 4 or below, the program sequence is returned to step 216 in order to repeat the same operation. According to these operations, the inner product calculation between the data D-0 and the submatrices M(1,0) and M(4,0) is executed successively, and the calculation results C32-C63 to C128-C159 are EOR added to the pre-computed values in the ECC-1 to ECC-4 of the C-MEM 52.

As a result of incrementing the parameter I, when the value of I becomes greater than 4, the value of I is returned to the initial value 0 and the value of J is incremented (221) to judge whether J>4 (222). If the value of J is equal to or below 4, the program sequence is returned to step 215 in order to transfer the next block D(n)-J of the transmitting data from the Tx-BUF area 261A to the B-REG 203 and to repeat the operations of the steps 215 to 222. By repeating the operations until the value of J exceeds 4, the inner product calculation between the data D-1 and the submatrices M(0,1) to M(4,1), between the data D-2 and the submatrices M(0,2) to M(4,2), between the data D-3 and the submatrices M(0,3) to M(4,3), and between the data D-4 and the submatrices M(0,4) to M(4,4) shown in FIG. 7 is executed successively. The inner product calculation results are EOR added to the ECC-0 to ECC-4 in the C-MEM 52 successively.

When the value of the parameter J is J>4, the contents (ECC-0 to ECC-4) of the C-MEM 52 indicate the encrypted result of the transmitting data having a 160-bit length. Accordingly, the contents of the C-MEM 52 are transferred to the Tx-ENC area 262A of the buffer memory (223). After clearing the ECC-0 to ECC-4 in the C-MEM 52 (224), the value of the parameter n is incremented (225) to compare it with the maximum value Nmax (226). If not n>Nmax, the program sequence is returned to step 214 so that the encryption processing on the next transmitting data D(n) having a 160-bit length is performed. When n>Nmax, encryption of one transmitting message is completed.

FIG. 13 is a flowchart showing an embodiment of the CRC generation/transmission processing (230).

In the CRC generation/transmission processing (230), encrypted data is read out in units of 32 bits from the Tx-ENC area 262A to generate CRC. Here, description will be given in the case of encrypted transmitting data. In the case of sending unencrypted transmitting data, the data in the Tx-BUF area 261A may be treated as a CRC generation object.

The header part of the transmitting message is read out from the Tx-ENC area 262A to transfer it to the transmission part 11 (231). Next, the number of data blocks Nmax is calculated in the case where the length K of the encrypted data is read out in units of 32 bits, and the value of the parameter n indicating the number of times of repetition of the processing is initialized to have an initial value “1” (232).

After loading the elements of CRC matrix from the memory 50 to the M-REG 51 (233), the first data block D(n) of the encrypted transmitting data is read out from the Tx-ENC area 262A to transfer it to the transmission part 11 and the B-REG 203 (234). By starting the inner product calculation part 40 in this state (235), the results C0 to C31 of inner product calculation between the CRC matrix M and the data D(n) are outputted to the C-REG 204.

In the case of CRC generation, since a whole CRC code to be added to the data block D(n) can be generated by starting the inner product calculation part 40 once, the contents of the C-REG 204 are transmitted to the transmission part 11 (236). After that, the value of the parameter n is incremented (237) to compare it with Nmax (238). When n is equal to or below Nmax, the program sequence is returned to step 234 to read out the next data block D(n) from the Tx-ENC area 262A and to repeat the above-described operation. When n>Nmax, the CRC generation processing for one message is completed.

CRC generation processing 310 in the receiving data processing routine 300 shown in FIG. 11 is realized by modifying the CRC generation routine of the transmitting data described in FIG. 13 in such a manner that the Rx-CRC area 263B is used instead of the Tx-ENC area 262A as the storage area from which the data block is read out, and the destination of the header, data block and CRC is changed from the transmission part 11 to the Rx-ENC area 262B (the Tx-BUF area 261B in the case of plain receiving data) of the buffer memory.

Since the receiving data decryption processing 330 may perform inner product calculation processing, using the decryption submatrix loaded from the memory 50 to the M-REG 51, on the data block read out from the Rx-ENC area 262B, it basically has the same procedure as the transmitting data encryption routine described in FIG. 12.

In the above embodiment, the CRC and ECC matrices generated by the matrix element computation part 30 are stored in the memory (MAT-MEM) 50, and when performing CRC generation and ECC encryption/decryption processing, the matrix elements necessary for the inner product calculation part 40 are suitably loaded from the MAT-MEM 50 to the M-REG 51. The M-REG 51 may be prepared as exclusive registers for CRC and ECC encryption and decryption, thereby directly loading the matrix elements generated by the matrix element computation part 30 to these exclusive registers. In this case, it is possible to perform CRC generation and ECC encryption/decryption processing at high speed by switching the M-REG 51 to be connected to the inner product computation part 40.

In this embodiment, the basic size of the matrix generated by the matrix element computation part is 32×32. When the basic size becomes smaller, for instance, to 8×8 or 16×16, the CRC matrix has to be generated in the submatrix mode. In this case, the same control method as the ECC matrix element generation routine 120 described in FIG. 10 may be employed in the CRC matrix element generation routine 100.
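The following is an added example, not code from the patent: a Python model of the matrix element computation part 30 and the inner product calculation part 40, covering both the single matrix mode used for CRC and the 5×5 submatrix mode with EOR accumulation in ECC-0 to ECC-4. It assumes the column recurrence described above (each column is the previous one moved down one row, EOR-ed with g_i times the last-row element) with g₀ = 1; all function names are hypothetical, and the CRC-32 coefficients, the degree-160 polynomial, the key and the data are constructed sample values.

```python
K = 32  # basic submatrix size used on this page (32x32 bits)

def next_column(col, g_low, n):
    """One computation cycle: m(i,j) = m(i-1,j-1) XOR (g_i AND m(n-1,j-1)).
    Assumes g_0 = 1, so m(0,j) is simply the last-row element of column j-1."""
    feedback = (col >> (n - 1)) & 1           # last-row element of previous column
    shifted = (col << 1) & ((1 << n) - 1)     # m(i-1,j-1) moved down one row
    return shifted ^ (g_low if feedback else 0)

def matrix_columns(a, g_low, n):
    """Column 0 is the A-REG parameter a; column j equals a * x^j mod g(x)."""
    cols = [a]
    for _ in range(n - 1):
        cols.append(next_column(cols[-1], g_low, n))
    return cols

def submatrix_rows(cols, I, J):
    """Rows of the 32x32 block M(I,J): matrix rows 32I.., matrix columns 32J.."""
    rows = []
    for i in range(K):
        row = 0
        for j in range(K):
            row |= ((cols[K * J + j] >> (K * I + i)) & 1) << j
        rows.append(row)
    return rows

def inner_product(rows, word):
    """Output bit i is the GF(2) inner product (parity of AND) of row i and word."""
    out = 0
    for i, row in enumerate(rows):
        out |= (bin(row & word).count("1") & 1) << i
    return out

def crc_by_matrix(word, g_low):
    """Single matrix mode: g' is set in both A-REG and G-REG, one product per block."""
    cols = matrix_columns(g_low, g_low, K)
    return inner_product(submatrix_rows(cols, 0, 0), word)

def encrypt_block_160(data, key, g_low):
    """Submatrix mode: 25 block products, partial results EOR-added into ECC-I."""
    cols = matrix_columns(key, g_low, 5 * K)
    ecc = [0] * 5                              # C-MEM areas, initial value 0
    for J in range(5):
        d = (data >> (K * J)) & 0xFFFFFFFF     # 32-bit data block D-J
        for I in range(5):
            ecc[I] ^= inner_product(submatrix_rows(cols, I, J), d)
    return sum(e << (K * I) for I, e in enumerate(ecc))

# Independent references, used only to check the matrix results.
def poly_mod(p, g_low, n):
    """Remainder of p(x) modulo g(x) = x^n + g_low(x), by long division."""
    g = (1 << n) | g_low
    for shift in range(p.bit_length() - 1 - n, -1, -1):
        if (p >> (shift + n)) & 1:
            p ^= g << shift
    return p

def carryless_mul(a, b):
    """Product of two GF(2) polynomials held as integers."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

# Constructed sample values (assumptions, not taken from the page).
G_CRC32 = 0x04C11DB7                            # g' of a common CRC-32 generator
G_160 = (1 << 5) | (1 << 3) | (1 << 2) | 1      # low terms of a sample degree-160 g(x);
                                                # the checks hold for any g with g_0 = 1
KEY = 0x0123456789ABCDEF0123456789ABCDEF01234567
DATA = 0xFEDCBA9876543210FEDCBA9876543210FEDCBA98

if __name__ == "__main__":
    word = 0xDEADBEEF
    print(hex(crc_by_matrix(word, G_CRC32)), hex(poly_mod(word << 32, G_CRC32, 32)))
    c = encrypt_block_160(DATA, KEY, G_160)
    print(hex(c), hex(poly_mod(carryless_mul(KEY, DATA), G_160, 160)))
```

Both modes agree with plain polynomial arithmetic: the CRC product equals D(x)·x³² mod g(x), and the 160-bit result equals KEY(x)·D(x) mod g(x). Because the output is a fixed GF(2) matrix applied to the data, the transform is linear, so the EOR of two outputs equals the output for the EOR of the two inputs.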

According to the present invention, by applying matrix elements prepared in advance, a CRC code necessary for error detection of transmitting/receiving data can be generated at high speed. Further, by using the matrix element computation part for generating the matrix for CRC, it is possible to rapidly generate the matrix elements for ECC encryption and decryption. Accordingly, if it is desired to suitably change the encryption key in order to increase the safety, by supplying encryption key data from outside and instructing the control part 70 to execute the ECC matrix generation routine, it becomes easy to generate new matrix elements according to the encryption key.

INDUSTRIAL APPLICABILITY

According to the present invention, as the same hardware (the matrix element computation part and the inner product calculation part) is applicable in common to the error detection code generation and encryption processing, a compact packet communication apparatus can be provided. Further, since matrix elements necessary for encryption/decryption processing are generated in the packet communication apparatus, it becomes easy to change an encryption key to increase the safety of transmitting/receiving data.

1. A code computing apparatus comprising: first and second registers (201 and 202) in which parameters having a predetermined bit length are set, respectively; a third register (203) in which data to be encrypted is set; a matrix element computation part (30) for generating matrix elements from the values set in said first and second registers; a matrix element register (51) for holding the matrix elements generated by said matrix element computation part; and an inner product calculation part (40) for executing inner product calculation between the matrix elements held by said matrix element register and the data set in said third register, wherein said matrix element computation part selectively generates matrix elements for error detection and matrix elements for encryption by changing the parameters to be set in said first and second registers, and said inner product calculation part selectively performs error control code generation and data encryption by altering the matrix elements to be held in said matrix element register.

2. A code computing apparatus comprising: first and second registers (201 and 202) for storing, at least one of them, coefficient data of a polynomial of degree n; a third register (203) in which data to be encrypted is set; a matrix element computation part (30) for generating matrix elements of n×n from the value set in said first and second registers; a matrix element register (51) for holding the matrix elements generated by said matrix element computation part; and an inner product calculation part (40) for executing inner product calculation between the matrix elements held by said matrix element register and the data set in said third register; wherein said inner product calculation part produces encrypted data of transmitting data or receiving data supplied to said third register.

3. The code computing apparatus according to claim 2, wherein said matrix element computation part generates matrix elements for error detection, and said inner product calculation part generates an error detection code corresponding to the data set in said third register.

4. The code computing apparatus according to claim 3, wherein coefficient data (g′) of a polynomial g(x) of degree n of Galois field is set, except for a coefficient of the highest degree n, to said first and second registers, and said inner product calculation part outputs a CRC code corresponding to a modulus (mod) of the polynomial g(x) for the data set in said third register.

5. The code computing apparatus according to claim 2, wherein said matrix element computation part generates matrix elements for encryption, and said inner product calculation part outputs an encryption code of the data set in said third register.

6. The code computing apparatus according to claim 5, further comprising: a first memory for storing coefficient data of an irreducible polynomial g(x) of degree n of Galois field and encryption key data; a control part (70) for reading out from said memory the coefficient data and the encryption key data in a form divided into a plurality of data blocks and setting them in said first and second registers, respectively, and a second memory for storing elements values of a plurality of partial matrices, wherein elements of a plurality of partial of matrix of n×n are generated by said matrix element computation part (30), and under the control of said control part, the elements of partial matrix generated by said matrix element computation part are stored in said second memory, the elements of partial matrix are selectively loaded from said second memory to said matrix element register (51), and said inner product calculation part repeats the inner product calculation between the data set in said third register and the elements of a plurality of partial matrices, thereby to output said encryption code.

7. The code computing apparatus according to claim 6, further comprising: means (52 and 53) for performing exclusive OR operation between the results of inner product calculation generated by said inner product calculation part and pre-computed elements held as intermediate results of the calculation, and holding the results of exclusive OR operation as new intermediate results of the calculation.